path: root/src/libsystemd-bus/bus-container.c
Age | Commit message | Author
2013-12-17 | bus: when connecting to a container's system bus, double fork after joining the container's namespace | Lennart Poettering
setns(CLONE_NEWPID) only applies to child processes, hence let's fork once after joining the container's namespace.
2013-12-17 | bus: when entering an existing namespace to connect to a container's system bus also switch over PID namespace | Lennart Poettering
This is necessary to ensure that kdbus can collect creds of the destination namespace when connecting.
2013-12-14 | bus: when connecting to a container's kdbus instance, enter namespace first | Lennart Poettering
Previously we'd open the connection in the originating namespace, which meant most peers of the bus would not be able to make sense of the PID/UID/... identity of us since we didn't exist in the namespace they run in. However they require this identity for privilege decisions, hence disallowing access to anything from the host. Instead, when connecting to a container, create a temporary subprocess, make it join the container's namespace and then connect from there to the kdbus instance. This is similar to how we do it for socket connections already. This also unifies the namespacing code used by machinectl and the bus APIs.
2013-12-11 | journal: add ability to browse journals of running OS containers | Lennart Poettering
This adds the new library call sd_journal_open_container() and a new "-M" switch to journalctl. Particular care is taken that journalctl's "-b" switch resolves to the current boot ID of the container, not the host.
2013-10-31 | machinectl: add new command to spawn a getty inside a container | Lennart Poettering
2013-10-30 | run: add support for executing commands remotely via SSH or in a container | Lennart Poettering
Also, unify the transport logic a bit, since we reuse the same scheme in many of our client tools.
2013-10-30 | bus: add API call to create bus connection to the system bus of local containers | Lennart Poettering
Also, add support for this to machinectl, so that we can enumerate the machines that run inside a container. We must go deeper!